Use-After-Free Vulnerability in Linux Kernel Affecting Network Security Policies
CVE-2026-53239
Currently unrated
What is CVE-2026-53239?
A use-after-free vulnerability exists in the Linux kernel's XFRM (IPsec) networking subsystem, in the handling of inexact network policy contexts. The flaw stems from improper synchronization during operations that modify policy settings, which creates a race condition: if a policy is deleted while another process is accessing it concurrently, the result can be memory corruption and potential exploitation, degrading system stability and security.
Affected Version(s)
Linux 6be3b0db6db82cf056a72cc18042048edd27f8ee < 8fc536e9f6856230f19c7d13e71af064b6a77b22
Linux 6be3b0db6db82cf056a72cc18042048edd27f8ee
Linux 6be3b0db6db82cf056a72cc18042048edd27f8ee < 25c8c7fb3b0b9668c7d05e209f58c158d2b020c7